Legal and privacy

Legal and privacy

1. Terms & Definitions




Characteristic of the information by which authorized persons can access it when needed.


Characteristic of the information by which it is available only to authorized persons or systems. Mazars information classification is detailed in the Information Sensitivity Declaration.

Data Protection

Process of safeguarding personal data, namely any information relating to an identified or identifiable natural person (as further defined in Art. 5 (a) and (b) of the Swiss Federal Act on Data Protection of September 25, 2020 and in Art. 4(1) of EU Regulation No. 2016/679 (GDPR) against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures put in place in accordance with Art. 7 nFADP.

2. Data Protection and Privacy

Mazars SA, whose registered office is located at Chemin de Blandonnet 2, CH-1214 Vernier – Genève, respects the confidentiality of your data and undertakes to protect them in accordance with the revised Swiss Federal Act on Data Protection of September 25, 2020 (nFADP) in force from September 1, 2023. 

2.1 Data Controller

Unless you send us a request concerning your personal data for which we are a data processor, according to the terms of our engagement, Mazars in Switzerland is an independent data controller for all personal data you provide to us via our website. If your request concerns one of our subsidiaries or members of our group, we will forward the request to them on your behalf. 

2.2 Data Collection

Mazars in Switzerland collects personal data that is considered “business-related information”. This data may include information about identified or identifiable individuals, such as your name, telephone number, address, email address and position within the company. It may also include technical information such as your IP address or bank details for transactions. This information is collected when you provide it voluntarily, for example, when you use our website, software, services, create and account with us, contact us for assistance or send us an inquiry. 

We collect, store, and process your personal data to the extent necessary to manage our relationship, process your orders and contractual obligations and to guarantee a high level of quality in our service. In addition, we also process your personal data for the purposes of secure technical operations, communication, quality improvement and the provision of related services. 

In some cases, where necessary to meet our contractual obligations, the processing of your personal data may also include analyses and statistics for quality and safety purposes, as well as for reporting and invoice verification. Compliance with the new Federal Act on Data Protection (nFADP) is at the heart of our processes for collecting and processing your personal data. Rest assured that we have taken all necessary measures to ensure compliance with this las and to protect your personal data. 

2.3 Data Usage

Mazars in Switzerland may process your personal data collected through our website for the purposes described below: 

- Entry into force and performance of contract: If you express an interest in becoming a Mazars customer, we will use personal data to take steps to enter a service contract with you. We may continue to use the data provided through our website in order to perform our obligations under a contract with you. 

- Our legitimate interests: We process personal data in order to manage our business, including managing our relationship with you, complying with our administrative, accounting, and corporate rights and obligations, maintaining, and using our IT systems and developing our business and services. 

- Recruitment and personnel administration: If you apply for a job on our website, we collect the personal data of job applicants in order to recruit new employees. 

- Security, quality, and risk management: Personal data may be processed for the purposes of maintaining security, internal quality, and risk analysis. 

- Direct marketing: We may process personal data for direct marketing purposes in order to promote and develop our services and to provide you with information that we think may be of interest to you. In all cases, we will give you the opportunity to opt-out of our direct marketing activities. You can do this by using the unsubscribe options contained in the information you have received or by contacting us at 

- Comply with legal, regulatory, or professional requirements of which we are a member: We are subject to legal. Regulatory and professional obligations. We must keep certain records to demonstrate that our services are provided in accordance with these obligations, and these records may contain personal data. 

All personal data submitted through this site may be used by us in an anonymous form in order to evaluate and improve the services we provide, and fir our wider business development activities. 

2.4 Data Sharing

While providing our services, it may be necessary for us to share your information with third parties, for example with a data centre or suppliers working on our behalf, such as for payment processing or data analysis. Nevertheless, we strictly adhere to the following principles: 

- The third parties to whom we entrust your data have strictly limited and controlled access to it, solely in connection with the transaction or services concerned, such as payments or the maintenance of IT operations. 

- We ensure that these third parties are contractually bound to protect your personal data and to act in accordance with the new Federal Act on Data Protection (nFADP), as well as all other applicable laws. 

- We only provide third parties with information that is strictly necessary for the performance of the services concerned. Furthermore, they do not have the right to use your data for other purposes or to share it further. 

- We expect these third parties to respect our commitment to data protection and privacy and to take all necessary measures to ensure the security of your data. 

It is part of our commitment to protecting your privacy and complying with new Federal Act on Data Protection (nFADP), and other applicable laws. 

2.5 Data Retention

Your personal data will be retained for as long as necessary to achieve the purposes for which it was collected unless a longer retention period is required or permitted by law. By default, we retain data for a period of 10 years after the end of the business relationship. 

2.6 Data Security

Mazars in Switzerland ensures appropriate technical and organizational controls are in place to protect your personal data against loss, misuse, alteration, and unintentional destruction, such as the use of anti-virus software, firewalls, secure servers, encryption software, password protection, physical access controls, two-factor authentication, intrusion, and anomaly detection. 

Our staff who have access to your personal data have been trained to maintain the confidentiality of this data and will only have access to your personal data to the extent that they need this information to carry out their duties correctly. Those who have access to your data are also bound by strict professional confidentiality. 

All our subcontractors, subprocesses and suppliers are informed of the conditions under which data is to be protected to at least the same standards as our own. 

Our security defences are regularly monitored and tested to ensure they remain effective in the face of the latest threats. 

Data transferred over the internet by us and via this website is protected by encryption technologies. No internet transaction can be guaranteed to be 100% secure. 

2.7 Individual Rights

You may exercise several rights in relation to your data, in particular: 

- Access to your personal data we hold about you, 

- Request to correct inaccurate personal data held by us, 

- Request for deletion of your personal data, 

- Withdraw consent to the processing of your personal data, where consent has been obtained, 

- Impose restrictions on the processing of your personal data, 

- Oppose the processing of your personal data, and 

- Request a transfer of your personal data to another controller. 

Mazars in Switzerland will handle any exercise of your rights as a data subject in accordance with the requirements of applicable privacy legislation. If you wish to exercise any of your rights as a data subject or if you have any questions regarding this statement, please contact us using our contact form

If you are not satisfied with the way we have handled your personal data, and or are unable to resolve the problem, you can contact the Federal Data Protection and Information Commissioner (FDPIC). 

2.8 Changes to Declaration 

Mazars in Switzerland reserves the right to modify this Data Protection and Privacy Declaration at any time. We will inform you of any important changes by publishing the new Declaration on our website. 

Your personal data will be retained for as long as necessary to achieve the purposes for which it was collected unless a longer retention period is required or permitted by law. By default, we retain data for a period of 10 years after the need of the business relationship.

Third party APIs